A strong password is one that is hard to guess or access by brute-forcing. "Brute-forcing" a password involves trying every possible combination of characters in your password until a match is found. Attackers will use specialised software and lists of common passwords.

Strong passwords are not necessarily something difficult to remember yourself. Instead, you should aim to make it difficult for a computer to figure out the password. Most importantly, keep your password safe. Don't give the password to anyone or write it down somewhere obvious, like a Post-It note on a computer monitor.


  • use long passwords. A password of 10-14 characters is a reasonably good length, although some websites and software will limit their length.
  • generate passwords randomly if you can. Use a random password generating software or website (e.g. Passwordsgenerator.net). You may wish to use a password manager to store these.
  • use more than one word. The more words you use, the more secure your password. A password like "greatbananas" is more secure than a single word "banana".
  • separate your words with symbols (if these are allowed by the system) and numbers eg. great+_jumping+_red-bananas.
  • modify your password for each site e.g. great+_jumping+_google-bananas.
  • choose more than two unrelated words and combine them together e.g. MilkbottleExhaustTears.
  • pick the first letters from each word in a sentence and combine them together e.g. "leaves that are green turn to brown" could become ltagttb.
  • include random numbers, symbols (if allowed), upper- and lower-case letters to make your password harder to crack.


  • ever re-use a password that has been leaked
  • use default or common passwords even with numbers appended; e.g. default, admin, guest, password123, password
  • re-use the same password for different websites and services
  • stick to single words. If the word is in a dictionary it is easy for a computer to guess the password
  • use a familiar sentence. A famous sentence from a movie, book or drama can be easily guessed by computers unless you use unrelated random characters in the sentence
  • list letters or numbers in sequence
  • use your public and semi-public personal information as your password
  • use usernames, relative or pet names, or biographical information e.g. ID numbers, license plate number, telephone number, birthday
  • use words with easy to guess substitutions e.g. p@ssw0rd, 133th4x0r, g0ldf1sh
  • double-up words e.g. funfun, stopstop, treetree, passpass
  • use simple translations of words and sentences in another language
  • continue using a password that someone else has set up, or a temporary password. In these cases the password should always be changed as soon as possible

Contact AskOtago if you have any questions about creating a strong password:

Tel +64 3 479 7000 or 0800 80 80 98
Email askotago.it@otago.ac.nz

Last updated 09/01/2020 02.52 PM
Did this answer your question?